Search

34,794 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.4CVE-2026-47671Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets6/4/2026
MEDIUM4.9CVE-2026-45057Incomplete message edit validation in matrix-sdk-ui6/4/2026
MEDIUM5.9CVE-2026-48681OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.6/4/2026
MEDIUM6.5CVE-2026-49144EPSS 0.02%browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server6/3/2026
MEDIUM5.5CVE-2026-44022Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026
MEDIUM5.4CVE-2026-33244EPSS 0.03%React Router has stored XSS via unescaped Location header in prerendered redirect HTML6/3/2026
MEDIUM6.8CVE-2026-9648crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints6/3/2026
MEDIUM5.3CVE-2026-42507EPSS 0.03%Arbitrary inputs are included in errors without any escaping in net/textproto6/2/2026
MEDIUM6.5CVE-2026-27145EPSS 0.00%Inefficient candidate hostname parsing in crypto/x5096/2/2026
MEDIUM6.3CVE-2026-49943EPSS 0.04%CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation i…6/2/2026
MEDIUM4.3CVE-2026-46605EPSS 0.06%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal6/1/2026
MEDIUM6.1CVE-2026-42253EPSS 0.17%Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties6/1/2026
MEDIUM5.9CVE-2026-49270EPSS 0.09%Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)6/1/2026
MEDIUM4.3CVE-2026-10294EPSS 0.03%A vulnerability has been found in PackageKit up to 1.3.5.6/1/2026
MEDIUM4.3CVE-2026-45729EPSS 0.03%Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine.6/1/2026
MEDIUM5.0CVE-2026-10275EPSS 0.06%A flaw has been found in OpenSC up to 0.26.1.6/1/2026
MEDIUM5.5CVE-2025-60495EPSS 0.01%A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows a…6/1/2026
MEDIUM5.5CVE-2025-60486EPSS 0.01%A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a…6/1/2026
MEDIUM5.5CVE-2025-60485EPSS 0.01%A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows att…6/1/2026
MEDIUM5.5CVE-2025-60483EPSS 0.01%A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before…6/1/2026
MEDIUM5.5CVE-2025-60481EPSS 0.01%A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attacker…6/1/2026
MEDIUM5.5CVE-2025-55664EPSS 0.01%A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of S…6/1/2026
CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
MEDIUM6.5CVE-2026-47411praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}6/1/2026
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026

← PrevPage 2 of 1392Next →